Junos Automation (Scripting)

Juniper continuous compliance via Ansible Tower

‎01-22-2020 10:44 AM

This is the structure of the YAML file at the GitHub site:

https://github.com/gefela/ansible_junos

Now, when the playbook runs against the SRX firewall, it should give a PASS or FAIL message as follows:

• If the task (Syslog server check) is run against the firewall and the output is similar to the content of files/syslog_config, a pass message (i.e. "This control Syslog server check has been marked as a PASS compliance check") should be printed out and hence captured by Splunk or Elasticsearch.

• However, if the task (Syslog server check) is run against the firewall and the output is different from the content of files/syslog_config, a failure message (i.e. "This control Syslog server check has been marked as a Failure and the following lines of configuration is missing (set system syslog host 192.168.100.70 source-address "{{ inventory_hostname }}")") should be printed out and hence captured by Splunk / ELK.


• In some scenarios (which are not part of the YAML file at the moment), the task (i.e. the control check) might be a configuration line that needs to be absent from the firewall. In this case, a pass message would be printed out if it is not found.


At the moment, I am getting the passes and failures but not the contents of the passes and failures.


What additional variables do I need to run to display the content of passes and failures?

The first two examples are what I need at the moment, and once I get familiar with how this can be constructed, we can try the last example.

Thank you
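
The comparison the post asks for, as an added example that is not part of the original post or the linked repository: it renders the expected lines, diffs them against the device output, and returns a one-line PASS/FAIL message that names the offending lines, including the "must be absent" case. The function names, the sample configuration lines and the hostname value are assumptions constructed for illustration.

```python
import re

# Constructed sample data; not taken from the poster's repository or firewall.
EXPECTED_TEMPLATE = '''
set system syslog host 192.168.100.70 any any
set system syslog host 192.168.100.70 source-address "{{ inventory_hostname }}"
'''
DEVICE_OUTPUT = '''
set system syslog host 192.168.100.70 any any
set system syslog file messages any notice
'''

def norm(line):
    # Assumption: double quotes and repeated spaces do not matter when comparing.
    return " ".join(line.replace('"', "").split())

def render(template, inventory_hostname):
    """Fill in the one Jinja variable used in the post; return normalized lines."""
    text = re.sub(r"\{\{\s*inventory_hostname\s*\}\}", inventory_hostname, template)
    return [norm(l) for l in text.splitlines() if l.strip()]

def check_control(name, expected, device_text, must_be_absent=False):
    """Return status, the offending lines, and a one-line message for log shipping."""
    device = {norm(l) for l in device_text.splitlines() if l.strip()}
    if must_be_absent:
        lines = [l for l in expected if l in device]
        problem = "is present but must be absent"
    else:
        lines = [l for l in expected if l not in device]
        problem = "is missing"
    if lines:
        msg = ("This control %s has been marked as a Failure and the following "
               "configuration %s: %s" % (name, problem, " | ".join(lines)))
        return {"status": "FAIL", "lines": lines, "message": msg}
    msg = "This control %s has been marked as a PASS compliance check" % name
    return {"status": "PASS", "lines": [], "message": msg}

if __name__ == "__main__":
    expected = render(EXPECTED_TEMPLATE, "10.0.0.1")  # constructed hostname value
    print(check_control("Syslog server check", expected, DEVICE_OUTPUT)["message"])
    print(check_control("Telnet disabled", ["set system services telnet"],
                        DEVICE_OUTPUT, must_be_absent=True)["message"])
```

The same logic can sit behind a playbook step that registers the device output and passes it in; the single-line message keeps each control result as one event in Splunk or ELK.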
